Commit 4f4e34fe authored by Markus Koller's avatar Markus Koller

Merge branch 'sast_mobile' into 'master'

Add MobSF in SAST vendor template

See merge request gitlab-org/gitlab!45291
parents 904e1559 7c001e9e
---
title: Add MobSF in SAST vendor template
merge_request: 45291
author:
type: added
......@@ -36,27 +36,31 @@ RSpec.describe 'SAST.gitlab-ci.yml' do
using RSpec::Parameterized::TableSyntax
where(:case_name, :files, :variables, :include_build_names) do
'Apex' | { 'app.cls' => '' } | {} | %w(pmd-apex-sast)
'C' | { 'app.c' => '' } | {} | %w(flawfinder-sast)
'C++' | { 'app.cpp' => '' } | {} | %w(flawfinder-sast)
'C#' | { 'app.csproj' => '' } | {} | %w(security-code-scan-sast)
'Elixir' | { 'mix.exs' => '' } | {} | %w(sobelow-sast)
'Golang' | { 'main.go' => '' } | {} | %w(gosec-sast)
'Groovy' | { 'app.groovy' => '' } | {} | %w(spotbugs-sast)
'Java' | { 'app.java' => '' } | {} | %w(spotbugs-sast)
'Javascript' | { 'app.js' => '' } | {} | %w(eslint-sast)
'JSX' | { 'app.jsx' => '' } | {} | %w(eslint-sast)
'Javascript Node' | { 'package.json' => '' } | {} | %w(nodejs-scan-sast)
'HTML' | { 'index.html' => '' } | {} | %w(eslint-sast)
'Kubernetes Manifests' | { 'Chart.yaml' => '' } | { 'SCAN_KUBERNETES_MANIFESTS' => 'true' } | %w(kubesec-sast)
'Multiple languages' | { 'app.java' => '', 'app.js' => '' } | {} | %w(eslint-sast spotbugs-sast)
'PHP' | { 'app.php' => '' } | {} | %w(phpcs-security-audit-sast)
'Python' | { 'app.py' => '' } | {} | %w(bandit-sast)
'Ruby' | { 'config/routes.rb' => '' } | {} | %w(brakeman-sast)
'Scala' | { 'app.scala' => '' } | {} | %w(spotbugs-sast)
'Typescript' | { 'app.ts' => '' } | {} | %w(eslint-sast)
'Typescript JSX' | { 'app.tsx' => '' } | {} | %w(eslint-sast)
'Visual Basic' | { 'app.vbproj' => '' } | {} | %w(security-code-scan-sast)
'Android' | { 'AndroidManifest.xml' => '', 'a.java' => '' } | { 'SAST_EXPERIMENTAL_FEATURES' => 'true' } | %w(mobsf-android-sast)
'Apex' | { 'app.cls' => '' } | {} | %w(pmd-apex-sast)
'C' | { 'app.c' => '' } | {} | %w(flawfinder-sast)
'C++' | { 'app.cpp' => '' } | {} | %w(flawfinder-sast)
'C#' | { 'app.csproj' => '' } | {} | %w(security-code-scan-sast)
'Elixir' | { 'mix.exs' => '' } | {} | %w(sobelow-sast)
'Golang' | { 'main.go' => '' } | {} | %w(gosec-sast)
'Groovy' | { 'app.groovy' => '' } | {} | %w(spotbugs-sast)
'iOS' | { 'a.xcodeproj/x.pbxproj' => '' } | { 'SAST_EXPERIMENTAL_FEATURES' => 'true' } | %w(mobsf-ios-sast)
'Java' | { 'app.java' => '' } | {} | %w(spotbugs-sast)
'Java with MobSF' | { 'app.java' => '' } | { 'SAST_EXPERIMENTAL_FEATURES' => 'true' } | %w(spotbugs-sast)
'Java without MobSF' | { 'AndroidManifest.xml' => '', 'a.java' => '' } | {} | %w(spotbugs-sast)
'Javascript' | { 'app.js' => '' } | {} | %w(eslint-sast)
'JSX' | { 'app.jsx' => '' } | {} | %w(eslint-sast)
'Javascript Node' | { 'package.json' => '' } | {} | %w(nodejs-scan-sast)
'HTML' | { 'index.html' => '' } | {} | %w(eslint-sast)
'Kubernetes Manifests' | { 'Chart.yaml' => '' } | { 'SCAN_KUBERNETES_MANIFESTS' => 'true' } | %w(kubesec-sast)
'Multiple languages' | { 'app.java' => '', 'app.js' => '' } | {} | %w(eslint-sast spotbugs-sast)
'PHP' | { 'app.php' => '' } | {} | %w(phpcs-security-audit-sast)
'Python' | { 'app.py' => '' } | {} | %w(bandit-sast)
'Ruby' | { 'config/routes.rb' => '' } | {} | %w(brakeman-sast)
'Scala' | { 'app.scala' => '' } | {} | %w(spotbugs-sast)
'Typescript' | { 'app.ts' => '' } | {} | %w(eslint-sast)
'Typescript JSX' | { 'app.tsx' => '' } | {} | %w(eslint-sast)
'Visual Basic' | { 'app.vbproj' => '' } | {} | %w(security-code-scan-sast)
end
with_them do
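Review bot: The new rows only exercise the MobSF gate through SAST_EXPERIMENTAL_FEATURES; there is no case for the other half of the condition, where the flag is on but mobsf has been removed from SAST_DEFAULT_ANALYZERS, which is the path a user takes to get SpotBugs back on an Android repository. Assuming the `variables` column is applied as pipeline variables (as the 'Kubernetes Manifests' row suggests), a row such as `'Android without MobSF in defaults' | { 'AndroidManifest.xml' => '', 'a.java' => '' } | { 'SAST_EXPERIMENTAL_FEATURES' => 'true', 'SAST_DEFAULT_ANALYZERS' => 'spotbugs' } | %w(spotbugs-sast)` would pin that behaviour. The 'Java without MobSF' name is also slightly misleading because the fixture is an Android project; 'Android without experimental flag' says what is actually being tested. Whether the 'Android' row also proves that spotbugs-sast is absent depends on how include_build_names is asserted in with_them, which lies outside the hunk, as does the enclosing RSpec.describe block.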
......
......@@ -9,7 +9,7 @@ variables:
# (SAST, Dependency Scanning, ...)
SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"
SAST_DEFAULT_ANALYZERS: "bandit, brakeman, gosec, spotbugs, flawfinder, phpcs-security-audit, security-code-scan, nodejs-scan, eslint, sobelow, pmd-apex, kubesec"
SAST_DEFAULT_ANALYZERS: "bandit, brakeman, gosec, spotbugs, flawfinder, phpcs-security-audit, security-code-scan, nodejs-scan, eslint, sobelow, pmd-apex, kubesec, mobsf"
SAST_EXCLUDED_PATHS: "spec, test, tests, tmp"
SAST_ANALYZER_IMAGE_TAG: 2
SCAN_KUBERNETES_MANIFESTS: "false"
......@@ -125,6 +125,42 @@ gosec-sast:
exists:
- '**/*.go'
mobsf-android-sast:
extends: .sast-analyzer
services:
- name: opensecurity/mobile-security-framework-mobsf:latest
alias: mobsf
image:
name: "$SAST_ANALYZER_IMAGE"
variables:
SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/mobsf:$SAST_ANALYZER_IMAGE_TAG"
rules:
- if: $SAST_DISABLED
when: never
- if: $CI_COMMIT_BRANCH &&
$SAST_DEFAULT_ANALYZERS =~ /mobsf/ &&
$SAST_EXPERIMENTAL_FEATURES == 'true'
exists:
- '**/AndroidManifest.xml'
mobsf-ios-sast:
extends: .sast-analyzer
services:
- name: opensecurity/mobile-security-framework-mobsf:latest
alias: mobsf
image:
name: "$SAST_ANALYZER_IMAGE"
variables:
SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/mobsf:$SAST_ANALYZER_IMAGE_TAG"
rules:
- if: $SAST_DISABLED
when: never
- if: $CI_COMMIT_BRANCH &&
$SAST_DEFAULT_ANALYZERS =~ /mobsf/ &&
$SAST_EXPERIMENTAL_FEATURES == 'true'
exists:
- '**/*.xcodeproj/*'
nodejs-scan-sast:
extends: .sast-analyzer
image:
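Review bot: The `services:` entry of both mobsf-android-sast and mobsf-ios-sast pulls `opensecurity/mobile-security-framework-mobsf:latest` straight from the public registry, while every other image in this template is resolved through `$SECURE_ANALYZERS_PREFIX` and `$SAST_ANALYZER_IMAGE_TAG`. A floating `latest` tag means the scanner that runs against user code can change without any change to the template or its tests, and the hard-coded registry cannot be redirected in offline or mirrored installations. Pin the service to an explicit version or digest and consider exposing it through a variable so it can be overridden the same way the analyzer image can. The two jobs are otherwise identical apart from the `exists` pattern, so the shared `services`/`image`/`variables` keys could live in a hidden `.mobsf-sast` job; `rules` still has to be repeated per job because `extends` replaces array keys rather than merging them.
```yaml
.mobsf-sast:
  extends: .sast-analyzer
  services:
    # placeholder digest: pin the upstream MobSF image instead of the floating `latest` tag
    - name: opensecurity/mobile-security-framework-mobsf@sha256:<PIN-TO-DIGEST>
      alias: mobsf
  image:
    name: "$SAST_ANALYZER_IMAGE"
  variables:
    SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/mobsf:$SAST_ANALYZER_IMAGE_TAG"

mobsf-android-sast:
  extends: .mobsf-sast
  # … unchanged: rules (SAST_DISABLED, mobsf + experimental gate, '**/AndroidManifest.xml' exists) …

mobsf-ios-sast:
  extends: .mobsf-sast
  # … unchanged: rules (SAST_DISABLED, mobsf + experimental gate, '**/*.xcodeproj/*' exists) …
```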
......@@ -203,6 +239,11 @@ spotbugs-sast:
variables:
SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/spotbugs:$SAST_ANALYZER_IMAGE_TAG"
rules:
- if: $SAST_DEFAULT_ANALYZERS =~ /mobsf/ &&
$SAST_EXPERIMENTAL_FEATURES == 'true'
exists:
- '**/AndroidManifest.xml'
when: never
- if: $SAST_DISABLED
when: never
- if: $CI_COMMIT_BRANCH &&
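Review bot: The new `when: never` rule at the top of spotbugs-sast's rules switches SpotBugs off for the whole project as soon as a single `AndroidManifest.xml` exists and the MobSF gate is on, so a repository that also holds non-Android Java, Scala or Groovy code (the other inputs this job covers per the spec table) silently loses that coverage. That trade-off is not recorded anywhere in the template; add a comment above the rule such as `# MobSF replaces SpotBugs on Android projects; keep this condition in sync with mobsf-android-sast` so the two conditions do not drift apart, since drift would either run both scanners or neither. It would also help to document that removing mobsf from SAST_DEFAULT_ANALYZERS restores SpotBugs for such repositories. spotbugs-sast's rules continue outside the hunk.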
......